<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<% request.setCharacterEncoding("UTF-8"); %>
<%@ page import="java.sql.*" %>
<%@ page import="javax.servlet.http.Cookie" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
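<%
    // Login check: take the user name from the "logonusername" cookie.
    // NOTE(review): this value is supplied by the browser and nothing on this page verifies it,
    // so both the login check and the admin lookup below rest on a client-asserted name.
    // The identity should come from server-side session state established at login
    // (for example an HttpSession attribute). logon.jsp is not visible here, so that change
    // has to be made there and on every page that shares this check.
    Cookie[] cookies = request.getCookies();
    String logonusername = null;
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if ("logonusername".equals(cookie.getName())) {
                logonusername = cookie.getValue();
                break;
            }
        }
    }
    // Exposed as a request attribute as well as a local variable.
    request.setAttribute("logonusername", logonusername);

    if (logonusername == null) {
        out.println("<script>alert('管理请先登录！');window.location.href='logon.jsp';</script>");
        return;
    }

    Connection conn = null;
    PreparedStatement stmt = null;
    ResultSet rs = null;
    ResultSet ros = null;
    try {
        Class.forName("com.mysql.cj.jdbc.Driver");
        // NOTE(review): the JDBC URL and credentials are hard-coded in the page source;
        // prefer a container-managed DataSource or external configuration.
        conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/books", "books", "books");
        // Permission lookup: a row is returned only when this user has state = 5
        // (presumably the administrator level; confirm against the users table).
        String sqls = "SELECT state FROM users WHERE username = ? and state = 5";
        stmt = conn.prepareStatement(sqls);
        stmt.setString(1, logonusername);
        ros = stmt.executeQuery();
        if (!ros.next()) {
            out.println("<script>alert('抱歉！您没有管理的权限！');window.location.href='index.jsp';</script>");
            return;
        }
    } catch (Exception e) {
        e.printStackTrace();
        // Fail closed: if the permission lookup could not be completed, do not fall through
        // and render the admin form as though the check had passed.
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
    } finally {
        // ros is the result set actually opened above; rs is declared but never assigned here.
        try { if (ros != null) ros.close(); } catch (SQLException e) { /* ignored */ }
        try { if (rs != null) rs.close(); } catch (SQLException e) { /* ignored */ }
        try { if (stmt != null) stmt.close(); } catch (SQLException e) { /* ignored */ }
        try { if (conn != null) conn.close(); } catch (SQLException e) { /* ignored */ }
    }

%>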
<!DOCTYPE html>
<html>
<head>
	<meta charset="utf-8" />
	<link rel="stylesheet" href="style/css/index.css" />
	<link rel="stylesheet" href="style/css/admin.css" />
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<title>图书管理 - 添加文章</title>
</head>
<style>
form,form p{
	justify-content: center;
	text-align: center;
}
form h2,form p,form input{
	margin: 20px 0;
	align-items: center;
}
form input[type="submit"] {
	width: 60%;
	height: 40px;
	padding: 5px 12px;
	border: none;
	background-color: #2f77b1;
	color: #fff;
	cursor: pointer;
	border-radius: 4px;
	margin-left: 10px;
}
</style>
<body>
<div id="app">
	<div class="top">
		<div class="title">
			<h1>图书管理 - 添加文章</h1>
		</div>
		<div class="menu">
			<a href="admin.jsp">管理</a>
			<a href="index.jsp">首页</a>
			<a href="my.jsp">关于</a>
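		<%
			// logonusername comes from a request cookie, so HTML-encode it before writing it
			// into the page; '&' is replaced first so the entities added below are not re-encoded.
			String safeName = logonusername
					.replace("&", "&amp;")
					.replace("<", "&lt;")
					.replace(">", "&gt;")
					.replace("\"", "&quot;")
					.replace("'", "&#39;");
			out.println("<a>" + safeName + "</a><a href=\"api/_exit.jsp\">退出登录</a>");
		%>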
		</div>
	</div>
	
	<div class="main-div">
		<div class="main">
			<div class="book-list">
                <div class="book-item">
					<%-- Add-book form: posts bookname, author, booknum and msg to api/_adds.jsp.
					     NOTE(review): this POST changes server state and the form carries no anti-CSRF
					     token field. api/_adds.jsp is not visible here; confirm that it verifies a
					     per-session token and repeats the admin authorization check itself rather than
					     relying on the check made when this page was rendered. --%>
					<form action="api/_adds.jsp" accept-charset="UTF-8" method="post">
                    <h2>《<input type="text" name="bookname"  placeholder="书名"/>》</h2>
                    <p>作者: <input type="text" name="author"  placeholder="作者名"/></p>
                    <p>数量：<input type="number" name="booknum"  placeholder="数量"/></p>
                	<p><textarea name="msg" placeholder="书籍作品的简介"></textarea></p>
					<b><input type="submit" value="添加" /></b>
                    </form>
                </div>
			</div>
		</div>
	</div>
	<%@ include file="bottom.jsp" %>